Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Unauthenticated network listener (AV:N/AC:L/PR:N/UI:N); availability is high (host freeze) but disclosure is limited to paths/usernames, so C:L rather than C:H.
Primary rating from NVD.
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Description (NVD)
Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2.
Analysis (AI)
Denial-of-service and information disclosure in Podman Desktop prior to 1.26.2 stem from an unauthenticated HTTP server that any network attacker can reach without credentials or user interaction. By abusing missing connection limits and timeouts, an attacker exhausts file descriptors and kernel memory to crash the application or freeze the entire host, while verbose error responses leak internal filesystem paths and system details (including Windows usernames). …
Vulnerability Assessment (AI)
| Item | Assessment |
|---|---|
| Exploitation | Exploitation requires network reachability to the unauthenticated HTTP server that Podman Desktop (versions < 1.26.2) exposes: the attacker must be able to route TCP connections to that listener's port on the victim host. … |
| Risk Assessment | Signals conflict and should be weighed carefully. … |
| Exploit Scenario | An attacker on the same network as a developer running a vulnerable Podman Desktop instance connects to its unauthenticated HTTP server and opens a flood of connections with no timeout, exhausting file descriptors and kernel memory until the application crashes or the entire host freezes. In parallel, the attacker sends malformed requests to harvest verbose error messages that disclose internal filesystem paths and, on Windows, the logged-in username, aiding follow-on attacks. … |
| Remediation | Upgrade to Podman Desktop 1.26.2 or later, which fixes the issue (vendor-released patch: 1.26.2). … |
Recommended Action (AI)
- 24 hours: Identify all Podman Desktop installations and assess network accessibility.
- 7 days: Upgrade all instances to Podman Desktop 1.26.2.
- 30 days: Validate patch deployment across all systems and monitor security logs for exploitation attempts.
Same weakness: CWE-209 – Error Message Information Leak
Same technique: Information Disclosure
EUVD ID: EUVD-2026-19943